1. Field of the Invention
The present invention relates in general to the field of filtering internet traffic in a client-server environment, and in particular to a method and a system for correlation of session activities to a browser window in a client-server environment. Still more particularly, the present invention relates to a data processing program and a computer program product for correlation of session activities to a browser window in a client-server environment.
2. Description of the Related Art
When operating proxy services with included content filtering the tracking of individual user's activities can become troublesome. Separating individual user's browsing sessions to the individual browser tab/window is usually not possible without evaluating the client's IP address, port and authentication.
Also even if these details are available they cannot reflect the user's environment properly, because the browser re-uses a single connection for multiple tabs, a firewall is performing network address translation for the connection, a forward proxy is combining the traffic of multiple users, and the users work on a terminal server and appear to be coming all from the same IP address. User-based authentication is not available or users share a single account.
The most obvious and widely used solution today for correlation of session activities to a browser window in a client-server environment is creating a “plugin” which is installed into the user's browser and captures the user's surfing activities and sends them to a different server for recording/archiving.
This solution however has a lot of problems and limitations that hamper the widespread use and create further problems. There are dozens of browsers available on the market (Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, Opera, etc.) and every browser has an own “variant” of how plugins are implemented, so code can only be shared on a very basic level between each plugin variant. Further, every browser allows different actions and access to the user's activities. Most browsers run on a very diverse base of operating systems, sometimes requiring the plugin to be adapted to work under certain operating systems. Additionally the plugin has to be installed on each user's browser, the plugin has to be maintained and updated alongside with updates from the browser vendors, and new versions of the plugin have to be rolled out and distributed to the users.
In the Patent Application Publication US 2006/0031442 A1 “METHOD AND SYSTEM FOR EXTERNALIZING SESSION MANAGEMENT USING A REVERSE PROXY SERVER” by Ashley et al. a method, system, and computer program product for providing access to a set of resources in a distributed data processing system is disclosed. A reverse proxy server receives a resource request from a client and determines whether or not it is managing a session identifier that was previously associated with the client by the reverse proxy server; if so, it retrieves the session identifier, otherwise it obtains a session identifier and associates the session identifier with the client providing information that is managed by the reverse proxy server. The reverse proxy server then modifies the resource request to include the session identifier and forwards the modified resource request to an application server. The disclosure is targeted at checking and maintaining the authentication for a single domain using either SSL sessions or cookies specific to that domain or explicit connection. It makes no attempts at associating the session identification with user's requests to other domains or content embedded from foreign domains. Additionally it has to rely on user-driven authentication to create the context of a single user entity.
In the Patent Application Publication US 2004/0054784 A1 “METHOD, SYSTEM AND PROGRAM PRODUCT FOR TRACKING WEB USER SESSIONS” by Bush et al. a method, system, and program product for tracking web user sessions is disclosed. Specifically a user requests a web page on a user system. When the web page is delivered from the web server, program code within the web page is executed to generate a unique identifier corresponding to the web page. The unique identifier includes a unique value that corresponds specifically to the web page and a time stamp indicating the date and/or time the web page was delivered to the user. An initial communication that includes initial web page data (e.g., the referring source, etc.) and the unique identifier is then transmitted from the user system to an analytics system. The analytics system will then transmit a session cookie pertaining to a current web user session back to the user system. All subsequent communications from the user system to the analytics system will include additional web page data as well as the unique identifier and session cookie. The unique identifier and session cookie are used to correlate the additional web page data with the initial web page data. The disclosure tracks users using cookies only. The cookies have to be delivered from the accessed webserver itself. The disclosure cannot track users across different domains and also cannot track users' individual browser windows.